Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdiCiVpP4fxINHNCXBqENmAwJYw.roa
File:                     cdiCiVpP4fxINHNCXBqENmAwJYw.roa (raw, json)
Hash identifier:          LeKmGDksf7JAiUFA6DAUfkhJWWmxer6nogHZNNRDsuw=
Subject key identifier:   71:D8:82:89:5A:4F:E1:FC:48:34:73:42:5C:1A:84:36:60:30:25:8C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192DF08140D21C2561D96DF9A6AEED8B369
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdiCiVpP4fxINHNCXBqENmAwJYw.roa
Signing time:             Wed 30 Oct 2024 20:05:01 +0000
ROA not before:           Wed 30 Oct 2024 20:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212042
IP address blocks:        31.57.130.0/24 maxlen: 24
                          31.58.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 08:34:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:df:08:14:0d:21:c2:56:1d:96:df:9a:6a:ee:d8:b3:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 30 20:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d882895a4fe1fc483473425c1a84366030258c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a0:91:ff:05:d7:bb:62:81:18:ec:05:90:42:
                    fa:ae:bd:e9:16:68:bf:47:32:d7:f6:64:ad:19:9c:
                    2c:a6:68:84:7a:3f:94:f8:21:2d:4b:43:48:04:2c:
                    bc:e6:0f:b1:99:01:df:ae:8c:d3:0c:f3:19:55:f5:
                    82:bd:bb:94:df:e1:61:d0:d9:85:d4:76:48:77:d8:
                    09:d3:61:a8:49:5f:a6:69:24:7e:2c:b0:a2:3a:56:
                    3f:df:8c:f3:8d:78:75:d9:b6:3e:28:01:9a:58:73:
                    49:d0:48:2c:58:75:7a:7a:f0:96:5e:de:6b:28:75:
                    7f:fd:a0:22:c6:9a:09:0c:a1:da:b9:49:c5:4d:61:
                    7e:e0:42:92:0c:93:53:3d:94:f2:40:25:a9:df:9b:
                    0f:94:15:6a:0b:37:58:49:f9:25:7d:3b:9a:a2:9f:
                    fe:12:84:fc:01:90:b2:82:63:1e:37:61:37:e4:4e:
                    82:a5:22:c6:74:a6:2c:1d:66:21:46:85:ad:9e:92:
                    e0:bf:66:c4:70:0b:e6:77:b2:ad:cd:42:e2:b3:bd:
                    a8:d0:ea:48:12:9a:0c:11:e9:63:8c:30:61:d1:8a:
                    f8:0c:f1:fc:20:ab:39:2a:b1:71:01:5e:69:37:b7:
                    8e:f4:cf:13:5b:0d:ea:63:0a:42:df:80:30:9b:c9:
                    a6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D8:82:89:5A:4F:E1:FC:48:34:73:42:5C:1A:84:36:60:30:25:8C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cdiCiVpP4fxINHNCXBqENmAwJYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.130.0/24
                  31.58.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:fe:28:e2:9d:0b:54:18:88:f0:cd:98:72:6b:b8:47:17:ba:
         a9:5a:8e:45:74:b1:de:2a:1c:1b:28:27:32:74:1a:72:08:0b:
         25:c7:f2:28:52:b2:c9:08:5b:2a:01:0e:0a:c3:28:14:d1:6a:
         bd:13:3e:06:31:32:5b:ce:6a:0a:54:ea:85:89:97:e9:f3:b0:
         e4:7d:52:59:2e:76:81:71:32:f4:cc:31:5b:35:28:0a:88:c1:
         c9:02:0d:42:dc:1b:c5:3f:04:c7:38:65:9b:04:b5:e4:89:c7:
         7c:fc:6f:d4:53:b8:b3:35:f3:a8:74:06:6b:02:37:a8:72:10:
         d0:49:ec:28:7f:b0:06:28:19:b0:1b:0f:f2:9c:18:de:ed:b3:
         c6:e3:67:d5:9d:0c:81:01:6d:c9:5b:e2:a5:8a:d2:6b:33:8d:
         97:cd:3e:e7:1c:50:09:d9:cd:54:31:a2:51:87:69:fd:a8:00:
         cb:9f:ba:6e:55:93:3d:bb:05:e9:1a:3a:98:9e:35:4a:fd:5b:
         32:d7:10:19:d9:c0:17:90:3f:8b:61:0e:d4:6e:29:68:b2:d8:
         ef:67:0e:f3:44:c0:95:94:21:33:bc:c2:40:41:03:67:7e:b9:
         59:eb:66:30:bb:cf:fc:aa:fa:7a:88:39:83:dc:df:fe:52:01:
         c8:75:c1:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLfCBQNIcJWHZbfmmru2LNpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDMwMjAwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQ4ODI4OTVhNGZlMWZjNDgzNDczNDI1YzFhODQzNjYwMzAyNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaCR/wXXu2KBGOwFkEL6rr3pFmi/
RzLX9mStGZwspmiEej+U+CEtS0NIBCy85g+xmQHfrozTDPMZVfWCvbuU3+Fh0NmF
1HZId9gJ02GoSV+maSR+LLCiOlY/34zzjXh12bY+KAGaWHNJ0EgsWHV6evCWXt5r
KHV//aAixpoJDKHauUnFTWF+4EKSDJNTPZTyQCWp35sPlBVqCzdYSfklfTuaop/+
EoT8AZCygmMeN2E35E6CpSLGdKYsHWYhRoWtnpLgv2bEcAvmd7KtzULis72o0OpI
EpoMEeljjDBh0Yr4DPH8IKs5KrFxAV5pN7eO9M8TWw3qYwpC34Awm8mm6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHHYgolaT+H8SDRzQlwahDZgMCWMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY2RpQ2lWcFA0ZnhJTkhOQ1hCcUVObUF3Sll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmCAwQA
HzqMMA0GCSqGSIb3DQEBCwUAA4IBAQC7/ijinQtUGIjwzZhya7hHF7qpWo5FdLHe
KhwbKCcydBpyCAslx/IoUrLJCFsqAQ4KwygU0Wq9Ez4GMTJbzmoKVOqFiZfp87Dk
fVJZLnaBcTL0zDFbNSgKiMHJAg1C3BvFPwTHOGWbBLXkicd8/G/UU7izNfOodAZr
AjeochDQSewof7AGKBmwGw/ynBje7bPG42fVnQyBAW3JW+KlitJrM42XzT7nHFAJ
2c1UMaJRh2n9qADLn7puVZM9uwXpGjqYnjVK/Vsy1xAZ2cAXkD+LYQ7Ubilostjv
Zw7zRMCVlCEzvMJAQQNnfrlZ62Ywu8/8qvp6iDmD3N/+UgHIdcER
-----END CERTIFICATE-----
Generated at Mon Dec 9 14:19:28 2024 by rpki-client on console-fra.rpki-client.org